Bug 137268

Summary:

JSObject::put under operationPutByIdNonStrictBuildList crashes Web Inspector process on many pages

Product:

WebKit

Reporter:

Jonathan Wells <jonowells>

Component:

JavaScriptCore

Assignee:

Mark Lam <mark.lam>

Status:

RESOLVED DUPLICATE

Severity:

Normal

CC:

fpizlo, ggaren, graouts, joepeck, mark.lam, oliver, timothy, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
[SCREENSHOT] blank inspector	none
[LOG] crash log	none

Jonathan Wells

Reported 2014-09-30 14:23:34 PDT

To reliably reproduce (in ToT WebKit): 1. visit http://twitter.com 2. open the inspector A blank inspector window opens. You can also try: 1. visit any page with a few scripts on it 2. open the inspector, which should hopefully open correctly. 3. try to edit the documents, view timelines, or run scripts in the console until the inspector crashes

Attachments
[SCREENSHOT] blank inspector (42.94 KB, image/png) 2014-09-30 14:23 PDT, Jonathan Wells	no flags	Details
[LOG] crash log (65.76 KB, text/plain) 2014-09-30 15:08 PDT, Jonathan Wells	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2014-09-30 14:23:45 PDT

<rdar://problem/18506181>

Jonathan Wells

Comment 2 2014-09-30 14:23:58 PDT

Created attachment 238961 [details] [SCREENSHOT] blank inspector

Timothy Hatcher

Comment 3 2014-09-30 14:33:16 PDT

Can you attach the crash log?

Jonathan Wells

Comment 4 2014-09-30 14:51:40 PDT

Where can I find it? The crash dialog doesn't come up. I see this in the OS X console when the crash occurs: 9/30/14 2:48:06.902 PM com.apple.xpc.launchd[1]: (com.apple.ReportCrash[21640]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash

Timothy Hatcher

Comment 5 2014-09-30 14:58:04 PDT

~/Library/Logs/DiagnosticReports

Jonathan Wells

Comment 6 2014-09-30 15:08:57 PDT

Created attachment 238967 [details] [LOG] crash log

Mark Lam

Comment 7 2014-10-17 18:43:59 PDT

I am not able to reproduce this with a build of r174798 (minus a workaround patch in r174749). However, using my own repro steps for https://webkit.org/b/137340 to cause a crash, I see that I get exact same symptoms of a blank WebInspector window if the WebInspector has been popped out into its own window. https://webkit.org/b/137340 is a bug that manifests in JS put bytecodes, similar to this bug. Hence, I am quite certain that this is a dup of https://webkit.org/b/137340 which has been fixed in http://trac.webkit.org/changeset/174856. I'm closing this bug as a dup. Please reopen it if you are able to reproduce it with r174856 or higher. *** This bug has been marked as a duplicate of bug 137340 ***

Note You need to log in before you can comment on or make changes to this bug.